IN THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (Currently Amended) A method for routing data packets for network flow analysis by a 
multi-processor system having a plurality of processors, comprising: 

receiving a data packet, the data packet comprising data sufficient to identify a 
network connection with which the data packet is associated; 

calculating a hash value based on said data sufficient to identify the network 
connection with which the data packet is associated; and 

assigning the data packet based on said hash value to one of said plurality of 
processors for analysis by using a number of bits of the hash value, wherein the number of bits 
used is not necessarily the total number of bits of the hash value and the number of bits used is 
determined at least in part by the number of processors included in said plurality of processors. 

2. (Original) The method of claim 1, wherein said data sufficient to identify the network 
connection with which the data packet is associated comprises address data. 

3. (Original) The method of claim 1, wherein said data sufficient to identify the network 
connection with which the data packet is associated comprises address data associated with a 
source computer that sent the data packet and address data associated with a destination 
computer to which the data packet is addressed. 

4. (Original) The method of claim 1, wherein the data packet is sent using the TCP/IP suite 
of protocols and said data sufficient to identify the network connection with which the data 
packet is associated comprises an IP address and port number associated with the source 
computer that sent the data packet and an IP address and port number associated with the 
destination computer to which the data packet is addressed. 

5. (Original) The method of claim 1, further comprising storing the data packet in host 
memory associated with the multi-processor system. 
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6. (Original) The method of claim 5, further comprising sending an interrupt message to a 
driver, the interrupt message comprising data identifying the storage location in host memory in 
which the data packet is stored. 

7. (Original) The method of claim 1, further comprising storing the data packet in host 
memory associated with the multi-processor system and wherein said step of routing comprises 
sending to said one of said plurality of processors data identifying the storage location in host 
memory in which the data packet is stored. 

8. (Original) The method of claim 7, wherein the step of sending to said one of said 
plurality of processors data identifying the storage location in host system memory in which the 
data packet is stored comprises storing said data identifying the storage location in a work queue 
associated with the processor. 

9. (Original) The method of claim 8, wherein said work queue is a circular queue. 

10. (Original) The method of claim 1, further comprising associating the data packet with 
one or more other data packets associated with the same network connection with which the 
received data packet is associated to recreate a network flow associated with said network 
connection. 

11. (Original) The method of claim 10, further comprising analyzing the network flow to 
determine if any security-related event has occurred. 

12. (Original) The method of claim 11, wherein a security-related event is determined to 
have occurred if the network flow matches a pattern associated with a known attack. 

13. (Original) The method of claim 11, wherein a security-related event is determined to have 
occurred if the network flow deviates from normal and permissible behavior under the network 
protocol under which the data packet was sent. 

14. (Currently Amended) A computer program product for routing data packets for network 
flow analysis by a multi-processor system, the computer program product being embodied in a 
computer readable medium and comprising computer instructions for: 
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receiving a data packet, the data packet comprising data sufficient to identify a 
network connection with which the data packet is associated; 

calculating a hash value based on said data sufficient to identify the network 
connection with which the data packet is associated; and 

assigning the data packet based on said hash value to a processor of said multi- 
processor system for analysis by using a number of bits of the hash value, wherein the number of 
bits used is not necessarily the total number of bits of the hash value and the number of bits used 
is determined at least in part by the number of processors included in said plurality of processors. 

15. (Currently Amended) A system for routing data packets for network flow analysis, 
comprising: 

a plurality of processors configured to perform network flow analysis; 
a network interface card configured to receive data packets via a network 
connection, each data packet comprising data sufficient to identify a network connection with 
which the data packet is associated; and 
a driver configured to: 

calculate a hash value based on said data sufficient to identify the network 
connection with which the data packet is associated; and 

assign the data packet based on said hash value to one of said plurality of 
processors for analysis by using a number of bits of the hash value, wherein the number 
of bits used is not necessarily the total number of bits of the hash value and the number of 
bits used is determined at least in part by the number of processors included in said 
plurality of processors. 

16. (Previously Presented) The system of claim 15, wherein said data sufficient to identify 
the network connection with which the data packet is associated comprises address data. 

17. (Previously Presented) The system of claim 15, wherein said data sufficient to identify 
the network connection with which the data packet is associated comprises address data 
associated with a source computer that sent the data packet and address data associated with a 
destination computer to which the data packet is addressed. 



Application Serial No. 1 0/076,952 
Attorney Docket No. RECOP020 



4 



18. (Previously Presented) The system of claim 15, wherein the data packet is sent using the 
TCP/IP suite of protocols and said data sufficient to identify the network connection with which 
the data packet is associated comprises an IP address and port number associated with the source 
computer that sent the data packet and an IP address and port number associated with the 
destination computer to which the data packet is addressed. 

19. (Previously Presented) The system of claim 15, wherein the driver is further configured 
to associate the data packet with one or more other data packets associated with the same 
network connection with which the received data packet is associated to recreate a network flow 
associated with said network connection. 

20. (Previously Presented) The system of claim 19, wherein the driver is further configured 
to analyze the network flow to determine if any security-related event has occurred. 
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INTERVIEW SUMMARY UNDER 37 CFR §1,133 AND MPEP §713,04 



A telephonic interview in the above-referenced case was conducted on January 23, 2007 
between the Examiner and the Applicants' undersigned representative. The Office Action 
mailed on November 15, 2006 was discussed. Specifically, the rejections of claim 1 in light of 
Salapura (U.S. Patent No. 6,904,040) and the proposed amendments set forth herein were 
discussed with the intent to place the claims in better condition for allowance or appeal. 
The Applicants wish to thank the Examiner for the interview. 
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